A couple of days ago we learned that over 230 people died in a fire at a popular nightclub in Santa Maria, Brazil. Cybercriminals are leveraging the incident in an effort to distribute a Trojan Horse.Symantec experts have identified emails written in Portuguese, which promise recipients a video of the tragedy.
The malicious emails are entitled:
- “Video mostra momento exato da tragedia em Santa Maria no Rio Grande Do Sul segunda-feira, 28 de janeiro de 2013” (Video shows the beginning of the tragedy in Santa Maria, Rio Grande Do Sul Monday, January 28, 2013);
- “VIDEO DO ACIDENTE DA BOATE DE SANTA MARIA RS.” (Video of the Nightclub accident in Santa Maria RS);
However, the links they contain don’t point to a video, but to a .zip file which hides an executable and a malicious control panel.
The malware could be a backdoor Trojan, a downloader or an information-stealer.
Users are advised to be cautious when presented with such emails, especially if they’re asked to download files or visit shady websites.